【03】Istio Gateway示例配置

3.1 开放kiali至集群外部

• 首先将istio-inressateway暴露集群外部;

  在node02的ens33网卡上面有多余的ip地址，将该地址绑定在igressgateway的svc 上面。

  kubectl edit svc istio-ingressgateway -n istio-system
  1

  

• 定义kiali的ingress gateway的资源配置清单

  apiVersion: networking.istio.io/v1beta1
  kind: Gateway
  metadata:
    name: kiali-gateway
    namespace: istio-system
  spec:
    selector:
      app: istio-ingressgateway
    servers:
    - hosts:
      - "kiali.icloud2native.com"
      port:
        name: http-kiali
        number: 80
        protocol: HTTP
  ---
  1
  2
  3
  4
  5
  6
  7
  8
  9
  10
  11
  12
  13
  14
  15
  16

• 定义kiali的VirtualService清单

  apiVersion: networking.istio.io/v1beta1
  kind: VirtualService
  metadata:
    name: kiali-vs
    namespace: istio-system
  spec:
    gateways:
    - kiali-gateway
    hosts:
    - "kiali.icloud2native.com"
    http:
    - match:
      - uri:
          prefix: /
      route:
      - destination:
          host: kiali
          port:
            number: 20001
  1
  2
  3
  4
  5
  6
  7
  8
  9
  10
  11
  12
  13
  14
  15
  16
  17
  18
  19

• 定义kiali的DestinationRule清单

  apiVersion: networking.istio.io/v1beta1
  kind: DestinationRule
  metadata:
    name: kiali-dr
    namespace: istio-system
  spec:
    host: kiali
    trafficPolicy:
      tls:
        mode: DISABLE
  1
  2
  3
  4
  5
  6
  7
  8
  9
  10

• 本地解析，后访问kiali
  

3.2 开放grafana至集群外

• 定义grafana的gateway

  apiVersion: networking.istio.io/v1beta1
  kind: Gateway
  metadata:
    name: granafa-gw
    namespace: istio-system
  spec:
    selector:
      app: istio-ingressgateway
    servers:
    - port:
        name: http-80
        number: 80
        protocol: HTTP
      hosts:
      - "grafana.icloud2native.com"
  ---
  1
  2
  3
  4
  5
  6
  7
  8
  9
  10
  11
  12
  13
  14
  15
  16

• 定义grafana的virtualservice

  apiVersion: networking.istio.io/v1beta1
  kind: VirtualService
  metadata:
    name: grafana-vs
    namespace: istio-system
  spec:
    gateways:
    - granafa-gw
    hosts:
    - "grafana.icloud2native.com"
    http:
    - match:
      - uri:
          prefix: /
      route:
      - destination:
          host: grafana
          port:
            number: 3000
  1
  2
  3
  4
  5
  6
  7
  8
  9
  10
  11
  12
  13
  14
  15
  16
  17
  18
  19

• 定义grafana的dr

  apiVersion: networking.istio.io/v1beta1
  kind: DestinationRule
  metadata:
    name: grafana
    namespace: istio-system
  spec:
    host: grafana
    trafficPolicy:
      tls:
        mode: DISABLE
  ---
  1
  2
  3
  4
  5
  6
  7
  8
  9
  10
  11

• 访问grafana
  

3.3 开放prometheus至集群外

• prometheus的gateway，vs，dr资源配置清单

  apiVersion: networking.istio.io/v1beta1
  kind: Gateway
  metadata:
    name: prometheus-gateway
    namespace: istio-system
  spec:
    selector:
      app: istio-ingressgateway
    servers:
    - port:
        number: 80
        name: http
        protocol: HTTP
      hosts:
      - "prometheus.icloud2native.com"
  ---
  apiVersion: networking.istio.io/v1beta1
  kind: VirtualService
  metadata:
    name: prometheus-virtualservice
    namespace: istio-system
  spec:
    hosts:
    - "prometheus.icloud2native.com"
    gateways:
    - prometheus-gateway
    http:
    - match:
      - uri:
          prefix: /
      route:
      - destination:
          host: prometheus
          port:
            number: 9090
  ---
  apiVersion: networking.istio.io/v1beta1
  kind: DestinationRule
  metadata:
    name: prometheus
    namespace: istio-system
  spec:
    host: prometheus
    trafficPolicy:
      tls:
        mode: DISABLE
  ---
  1
  2
  3
  4
  5
  6
  7
  8
  9
  10
  11
  12
  13
  14
  15
  16
  17
  18
  19
  20
  21
  22
  23
  24
  25
  26
  27
  28
  29
  30
  31
  32
  33
  34
  35
  36
  37
  38
  39
  40
  41
  42
  43
  44
  45
  46
  47

• 访问prometheus
  

3.4 开放trace至集群外

• trace的gateway，vs，dr资源配置清单

  apiVersion: networking.istio.io/v1beta1
  kind: Gateway
  metadata:
    name: tracing-gateway
    namespace: istio-system
  spec:
    selector:
      app: istio-ingressgateway
    servers:
    - port:
        number: 80
        name: http
        protocol: HTTP
      hosts:
      - "tracing.icloud2native.com"
  ---
  apiVersion: networking.istio.io/v1beta1
  kind: VirtualService
  metadata:
    name: tracing-virtualservice
    namespace: istio-system
  spec:
    hosts:
    - "tracing.icloud2native.com"
    gateways:
    - tracing-gateway
    http:
    - match:
      - uri:
          prefix: /
      route:
      - destination:
          host: tracing
          port:
            number: 80
  ---
  apiVersion: networking.istio.io/v1beta1
  kind: DestinationRule
  metadata:
    name: tracing-dr
    namespace: istio-system
  spec:
    host: tracing
    trafficPolicy:
      tls:
        mode: DISABLE
  ---
  1
  2
  3
  4
  5
  6
  7
  8
  9
  10
  11
  12
  13
  14
  15
  16
  17
  18
  19
  20
  21
  22
  23
  24
  25
  26
  27
  28
  29
  30
  31
  32
  33
  34
  35
  36
  37
  38
  39
  40
  41
  42
  43
  44
  45
  46
  47

• 访问Jaeger